From 187dfb668dd413ffbf148bda429306717de8eefb Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Mon, 11 Sep 2023 20:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-09-11T20:00:25.410243+00:00 --- CVE-2018/CVE-2018-115xx/CVE-2018-11574.json | 45 ++- CVE-2020/CVE-2020-101xx/CVE-2020-10129.json | 62 ++- CVE-2020/CVE-2020-101xx/CVE-2020-10130.json | 62 ++- CVE-2020/CVE-2020-101xx/CVE-2020-10131.json | 62 ++- CVE-2020/CVE-2020-101xx/CVE-2020-10132.json | 62 ++- CVE-2020/CVE-2020-193xx/CVE-2020-19318.json | 20 + CVE-2020/CVE-2020-193xx/CVE-2020-19319.json | 20 + CVE-2020/CVE-2020-193xx/CVE-2020-19320.json | 24 ++ CVE-2020/CVE-2020-193xx/CVE-2020-19323.json | 24 ++ CVE-2020/CVE-2020-195xx/CVE-2020-19559.json | 20 + CVE-2020/CVE-2020-240xx/CVE-2020-24088.json | 4 +- CVE-2021/CVE-2021-360xx/CVE-2021-36021.json | 111 +++++- CVE-2021/CVE-2021-360xx/CVE-2021-36023.json | 99 ++++- CVE-2021/CVE-2021-360xx/CVE-2021-36036.json | 99 ++++- CVE-2021/CVE-2021-360xx/CVE-2021-36060.json | 39 +- CVE-2021/CVE-2021-366xx/CVE-2021-36646.json | 64 +++- CVE-2021/CVE-2021-40xx/CVE-2021-4034.json | 18 +- CVE-2022/CVE-2022-233xx/CVE-2022-23382.json | 4 +- CVE-2022/CVE-2022-317xx/CVE-2022-31704.json | 8 +- CVE-2022/CVE-2022-317xx/CVE-2022-31706.json | 8 +- CVE-2022/CVE-2022-317xx/CVE-2022-31711.json | 10 +- CVE-2023/CVE-2023-236xx/CVE-2023-23623.json | 92 ++++- CVE-2023/CVE-2023-274xx/CVE-2023-27470.json | 4 +- CVE-2023/CVE-2023-281xx/CVE-2023-28198.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29198.json | 152 +++++++- CVE-2023/CVE-2023-300xx/CVE-2023-30058.json | 4 +- CVE-2023/CVE-2023-307xx/CVE-2023-30718.json | 396 +++++++++++++++++++- CVE-2023/CVE-2023-30xx/CVE-2023-3090.json | 6 +- CVE-2023/CVE-2023-310xx/CVE-2023-31067.json | 24 ++ CVE-2023/CVE-2023-310xx/CVE-2023-31068.json | 24 ++ CVE-2023/CVE-2023-310xx/CVE-2023-31069.json | 24 ++ CVE-2023/CVE-2023-312xx/CVE-2023-31248.json | 6 +- CVE-2023/CVE-2023-314xx/CVE-2023-31468.json | 24 ++ CVE-2023/CVE-2023-321xx/CVE-2023-32162.json | 61 ++- CVE-2023/CVE-2023-321xx/CVE-2023-32163.json | 61 ++- 
CVE-2023/CVE-2023-323xx/CVE-2023-32370.json | 8 +- CVE-2023/CVE-2023-325xx/CVE-2023-32559.json | 14 +- CVE-2023/CVE-2023-326xx/CVE-2023-32629.json | 76 +++- CVE-2023/CVE-2023-327xx/CVE-2023-32707.json | 8 +- CVE-2023/CVE-2023-33xx/CVE-2023-3389.json | 6 +- CVE-2023/CVE-2023-33xx/CVE-2023-3390.json | 6 +- CVE-2023/CVE-2023-350xx/CVE-2023-35001.json | 6 +- CVE-2023/CVE-2023-350xx/CVE-2023-35065.json | 27 +- CVE-2023/CVE-2023-350xx/CVE-2023-35068.json | 27 +- CVE-2023/CVE-2023-350xx/CVE-2023-35072.json | 27 +- CVE-2023/CVE-2023-357xx/CVE-2023-35785.json | 4 +- CVE-2023/CVE-2023-357xx/CVE-2023-35788.json | 6 +- CVE-2023/CVE-2023-361xx/CVE-2023-36140.json | 4 +- CVE-2023/CVE-2023-387xx/CVE-2023-38743.json | 20 + CVE-2023/CVE-2023-388xx/CVE-2023-38829.json | 20 + CVE-2023/CVE-2023-390xx/CVE-2023-39063.json | 20 + CVE-2023/CVE-2023-390xx/CVE-2023-39067.json | 24 ++ CVE-2023/CVE-2023-390xx/CVE-2023-39068.json | 20 + CVE-2023/CVE-2023-390xx/CVE-2023-39070.json | 20 + CVE-2023/CVE-2023-395xx/CVE-2023-39511.json | 48 ++- CVE-2023/CVE-2023-395xx/CVE-2023-39598.json | 64 +++- CVE-2023/CVE-2023-397xx/CVE-2023-39780.json | 40 ++ CVE-2023/CVE-2023-400xx/CVE-2023-40032.json | 63 ++++ CVE-2023/CVE-2023-403xx/CVE-2023-40397.json | 8 +- CVE-2023/CVE-2023-410xx/CVE-2023-41000.json | 4 +- CVE-2023/CVE-2023-410xx/CVE-2023-41064.json | 16 +- CVE-2023/CVE-2023-411xx/CVE-2023-41103.json | 24 ++ CVE-2023/CVE-2023-411xx/CVE-2023-41107.json | 69 +++- CVE-2023/CVE-2023-411xx/CVE-2023-41108.json | 69 +++- CVE-2023/CVE-2023-412xx/CVE-2023-41256.json | 55 +++ CVE-2023/CVE-2023-413xx/CVE-2023-41328.json | 64 +++- CVE-2023/CVE-2023-415xx/CVE-2023-41508.json | 69 +++- CVE-2023/CVE-2023-415xx/CVE-2023-41593.json | 32 ++ CVE-2023/CVE-2023-416xx/CVE-2023-41601.json | 69 +++- CVE-2023/CVE-2023-416xx/CVE-2023-41609.json | 20 + CVE-2023/CVE-2023-419xx/CVE-2023-41930.json | 69 +++- CVE-2023/CVE-2023-419xx/CVE-2023-41931.json | 70 +++- CVE-2023/CVE-2023-419xx/CVE-2023-41941.json | 70 +++- 
CVE-2023/CVE-2023-419xx/CVE-2023-41942.json | 70 +++- CVE-2023/CVE-2023-419xx/CVE-2023-41943.json | 70 +++- CVE-2023/CVE-2023-419xx/CVE-2023-41944.json | 70 +++- CVE-2023/CVE-2023-419xx/CVE-2023-41945.json | 70 +++- CVE-2023/CVE-2023-419xx/CVE-2023-41946.json | 70 +++- CVE-2023/CVE-2023-419xx/CVE-2023-41947.json | 70 +++- CVE-2023/CVE-2023-42xx/CVE-2023-4207.json | 86 ++++- CVE-2023/CVE-2023-42xx/CVE-2023-4208.json | 82 +++- CVE-2023/CVE-2023-42xx/CVE-2023-4244.json | 66 +++- CVE-2023/CVE-2023-43xx/CVE-2023-4310.json | 81 +++- CVE-2023/CVE-2023-44xx/CVE-2023-4485.json | 60 ++- CVE-2023/CVE-2023-45xx/CVE-2023-4597.json | 50 +-- CVE-2023/CVE-2023-46xx/CVE-2023-4622.json | 86 ++++- CVE-2023/CVE-2023-46xx/CVE-2023-4623.json | 71 +++- CVE-2023/CVE-2023-47xx/CVE-2023-4772.json | 60 ++- CVE-2023/CVE-2023-47xx/CVE-2023-4792.json | 37 +- CVE-2023/CVE-2023-48xx/CVE-2023-4807.json | 6 +- CVE-2023/CVE-2023-48xx/CVE-2023-4881.json | 4 +- README.md | 80 ++-- 92 files changed, 3901 insertions(+), 305 deletions(-) create mode 100644 CVE-2020/CVE-2020-193xx/CVE-2020-19318.json create mode 100644 CVE-2020/CVE-2020-193xx/CVE-2020-19319.json create mode 100644 CVE-2020/CVE-2020-193xx/CVE-2020-19320.json create mode 100644 CVE-2020/CVE-2020-193xx/CVE-2020-19323.json create mode 100644 CVE-2020/CVE-2020-195xx/CVE-2020-19559.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31067.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31068.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31069.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31468.json create mode 100644 CVE-2023/CVE-2023-387xx/CVE-2023-38743.json create mode 100644 CVE-2023/CVE-2023-388xx/CVE-2023-38829.json create mode 100644 CVE-2023/CVE-2023-390xx/CVE-2023-39063.json create mode 100644 CVE-2023/CVE-2023-390xx/CVE-2023-39067.json create mode 100644 CVE-2023/CVE-2023-390xx/CVE-2023-39068.json create mode 100644 CVE-2023/CVE-2023-390xx/CVE-2023-39070.json create mode 100644 
CVE-2023/CVE-2023-397xx/CVE-2023-39780.json create mode 100644 CVE-2023/CVE-2023-400xx/CVE-2023-40032.json create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41103.json create mode 100644 CVE-2023/CVE-2023-412xx/CVE-2023-41256.json create mode 100644 CVE-2023/CVE-2023-415xx/CVE-2023-41593.json create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41609.json diff --git a/CVE-2018/CVE-2018-115xx/CVE-2018-11574.json b/CVE-2018/CVE-2018-115xx/CVE-2018-11574.json index d4f28ee72bd..39f8918bcb6 100644 --- a/CVE-2018/CVE-2018-115xx/CVE-2018-11574.json +++ b/CVE-2018/CVE-2018-115xx/CVE-2018-11574.json @@ -2,8 +2,8 @@ "id": "CVE-2018-11574", "sourceIdentifier": "cve@mitre.org", "published": "2018-06-14T20:29:00.253", - "lastModified": "2020-02-24T15:55:33.380", - "vulnStatus": "Modified", + "lastModified": "2023-09-11T19:43:56.857", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", 
@@ -88,8 +88,34 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:-:*:*:*:*:*:*:*", - "matchCriteriaId": "9DD38BEC-91CE-4F96-860E-14BEE99C1BE0" + "criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.9", + "matchCriteriaId": "4AE8280C-9E3A-44B0-BB50-34D43C036B40" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", + "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", + "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", + "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09" } ] } @@ -108,7 +134,10 @@ }, { "url": "https://usn.ubuntu.com/3810-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-101xx/CVE-2020-10129.json b/CVE-2020/CVE-2020-101xx/CVE-2020-10129.json index 712848fd9d8..d2f6da45172 100644 --- a/CVE-2020/CVE-2020-101xx/CVE-2020-10129.json +++ b/CVE-2020/CVE-2020-101xx/CVE-2020-10129.json 
@@ -2,16 +2,49 @@ "id": "CVE-2020-10129", "sourceIdentifier": "cret@cert.org", "published": "2023-09-06T19:15:43.727", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:05:03.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + }, { "source": "cret@cert.org", "type": "Secondary", @@ -23,10 +56,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.1", + "matchCriteriaId": "5D41ADDB-3434-439B-9BE0-A72BE913E22D" + } + ] + } + ] + } + ], "references": [ { "url": "https://developer.searchblox.com/v9.2/changelog/version-91", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-101xx/CVE-2020-10130.json b/CVE-2020/CVE-2020-101xx/CVE-2020-10130.json index edf33f96281..dc708973edf 100644 --- a/CVE-2020/CVE-2020-101xx/CVE-2020-10130.json +++ b/CVE-2020/CVE-2020-101xx/CVE-2020-10130.json 
@@ -2,16 +2,49 @@ "id": "CVE-2020-10130", "sourceIdentifier": "cret@cert.org", "published": "2023-09-06T19:15:43.847", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:04:41.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + }, { "source": "cret@cert.org", "type": "Secondary", @@ -23,10 +56,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "D217B14E-5241-4ECC-BBC9-DE0C1E7845C5" + } + ] + } + ] + } + ], "references": [ { "url": "https://developer.searchblox.com/v9.2/changelog/version-91", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-101xx/CVE-2020-10131.json b/CVE-2020/CVE-2020-101xx/CVE-2020-10131.json index 84d9a1d45ba..f5190b78c25 100644 --- a/CVE-2020/CVE-2020-101xx/CVE-2020-10131.json 
+++ b/CVE-2020/CVE-2020-101xx/CVE-2020-10131.json @@ -2,16 +2,49 @@ "id": "CVE-2020-10131", "sourceIdentifier": "cret@cert.org", "published": "2023-09-06T19:15:43.913", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:04:07.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in \"Featured Results\" parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1236" + } + ] + }, { "source": "cret@cert.org", "type": "Secondary", @@ -23,10 +56,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.1", + "matchCriteriaId": "5D41ADDB-3434-439B-9BE0-A72BE913E22D" + } + ] + } + ] + } + ], "references": [ { "url": "https://developer.searchblox.com/v9.2/changelog/version-921", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-101xx/CVE-2020-10132.json b/CVE-2020/CVE-2020-101xx/CVE-2020-10132.json index f4eeed58d2c..72ca07c3338 100644 --- a/CVE-2020/CVE-2020-101xx/CVE-2020-10132.json 
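Review bot: In CVE-2020-10131.json the new `cvssMetricV31` entry scores the record 9.8 CRITICAL with `"userInteraction": "NONE"`, while the description is a CSV macro injection in the "Featured Results" parameter. CSV injection normally takes effect only when someone opens the exported file in a spreadsheet application, so the vector probably overstates exploitability; this is inferred from the weakness class (`CWE-1236`), not from anything else in the record. Prioritisation that keys on `baseScore` alone should cross-check the description text. Because this file mirrors upstream analysis, the discrepancy is better reported to NVD than edited here.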
+++ b/CVE-2020/CVE-2020-101xx/CVE-2020-10132.json @@ -2,16 +2,49 @@ "id": "CVE-2020-10132", "sourceIdentifier": "cret@cert.org", "published": "2023-09-06T19:15:43.987", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:03:42.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cret@cert.org", "type": "Secondary", @@ -23,10 +56,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "D217B14E-5241-4ECC-BBC9-DE0C1E7845C5" + } + ] + } + ] + } + ], "references": [ { "url": "https://developer.searchblox.com/v9.2/changelog/version-91", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-193xx/CVE-2020-19318.json b/CVE-2020/CVE-2020-193xx/CVE-2020-19318.json new file mode 100644 index 00000000000..6d958019a21 --- /dev/null +++ b/CVE-2020/CVE-2020-193xx/CVE-2020-19318.json 
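Review bot: In CVE-2020-10132.json the NVD-primary weakness added to the `weaknesses` array, `"value": "CWE-79"`, does not match the description, which reports a cross-origin resource sharing misconfiguration rather than script injection. The added vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` is identical to the one this commit gives the XSS record CVE-2021-36646, which suggests the XSS template was applied. Consumers that route or filter findings by CWE will file this record under XSS. A value such as `"value": "CWE-942"` (permissive cross-domain policy) would fit the description, but since this file mirrors upstream analysis the correction belongs with NVD; until then triage should go by the description text.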
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2020-19318", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T18:15:09.107", + "lastModified": "2023-09-11T19:08:33.020", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers execute arbitrary code via sending crafted data to the webserver service program." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/hhhhu8045759/dir_605L-stack-overflow/blob/master/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-193xx/CVE-2020-19319.json b/CVE-2020/CVE-2020-193xx/CVE-2020-19319.json new file mode 100644 index 00000000000..36b64c2f6d7 --- /dev/null +++ b/CVE-2020/CVE-2020-193xx/CVE-2020-19319.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2020-19319", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:41.250", + "lastModified": "2023-09-11T19:15:41.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/hhhhu8045759/dir_619l-buffer-overflow", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-193xx/CVE-2020-19320.json b/CVE-2020/CVE-2020-193xx/CVE-2020-19320.json new file mode 100644 index 00000000000..4123febcd9e --- /dev/null +++ b/CVE-2020/CVE-2020-193xx/CVE-2020-19320.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2020-19320", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:41.367", + "lastModified": "2023-09-11T19:15:41.367", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/hhhhu8045759/dlink-619l-buffer_overflow", + "source": "cve@mitre.org" + }, + { + "url": "https://www.dlink.com/en/security-bulletin/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-193xx/CVE-2020-19323.json b/CVE-2020/CVE-2020-193xx/CVE-2020-19323.json new file mode 100644 index 00000000000..a98c36cdd48 --- /dev/null +++ b/CVE-2020/CVE-2020-193xx/CVE-2020-19323.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2020-19323", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:41.437", + "lastModified": "2023-09-11T19:15:41.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/hhhhu8045759/619L_upnpd_heapoverflow", + "source": "cve@mitre.org" + }, + { + "url": "https://www.dlink.com/en/security-bulletin/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-195xx/CVE-2020-19559.json b/CVE-2020/CVE-2020-195xx/CVE-2020-19559.json new file mode 100644 index 00000000000..2d499168c33 --- /dev/null +++ b/CVE-2020/CVE-2020-195xx/CVE-2020-19559.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2020-19559", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:41.500", + "lastModified": "2023-09-11T19:15:41.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-240xx/CVE-2020-24088.json b/CVE-2020/CVE-2020-240xx/CVE-2020-24088.json index 649bf2dbc70..612e42acac9 100644 --- a/CVE-2020/CVE-2020-240xx/CVE-2020-24088.json +++ b/CVE-2020/CVE-2020-240xx/CVE-2020-24088.json @@ -2,8 +2,8 @@ "id": "CVE-2020-24088", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T15:15:52.357", - "lastModified": "2023-09-11T15:15:52.357", - "vulnStatus": "Received", + "lastModified": "2023-09-11T18:02:20.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36021.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36021.json index ae070d0767e..5474ff46a1d 100644 --- a/CVE-2021/CVE-2021-360xx/CVE-2021-36021.json +++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36021.json @@ -2,8 +2,8 @@ "id": "CVE-2021-36021", "sourceIdentifier": "psirt@adobe.com", "published": "2023-09-06T14:15:08.767", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:05:41.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +76,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", + "versionEndExcluding": "2.3.7", + "matchCriteriaId": "727FB993-9F35-40EA-BF41-E4757F21C5FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", + "versionEndExcluding": "2.3.7", + "matchCriteriaId": "9DF037A1-026B-4083-97FB-13578A56326C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", + "versionStartIncluding": "2.4.0", + "versionEndExcluding": "2.4.2", + "matchCriteriaId": "FEBAEE65-BE3C-45B8-A321-F24F90495906" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", + "versionStartIncluding": "2.4.0", + "versionEndExcluding": "2.4.2", + "matchCriteriaId": "6A81A9D5-8570-430F-AD20-BEBEC3151865" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:commerce:*:*:*", + "matchCriteriaId": "F124A6F4-E3B3-4065-970D-963BAAAD59CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:open_source:*:*:*", + "matchCriteriaId": "4F1E5426-A646-4EC1-902A-FD30B00AD1AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:commerce:*:*:*", + "matchCriteriaId": "58C98B8D-6E7B-44FA-8C73-D2AA1DC0A074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:open_source:*:*:*", + "matchCriteriaId": "930C8AEF-C433-4CF9-AC81-7CCFC3EDFD48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:commerce:*:*:*", + "matchCriteriaId": "68A6F795-960A-42F0-96BA-2E3D912F3E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "E9CD54D8-4E55-4437-B762-A68F2BE62CF3" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://helpx.adobe.com/security/products/magento/apsb21-64.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36023.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36023.json index 0fbe8ec69a7..36162f0eea8 100644 --- a/CVE-2021/CVE-2021-360xx/CVE-2021-36023.json +++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36023.json @@ -2,8 +2,8 @@ "id": "CVE-2021-36023", "sourceIdentifier": "psirt@adobe.com", "published": "2023-09-06T14:15:08.950", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:05:35.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", 
@@ -46,10 +66,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", + "versionEndExcluding": "2.3.7", + "matchCriteriaId": "727FB993-9F35-40EA-BF41-E4757F21C5FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", + "versionEndExcluding": "2.3.7", + "matchCriteriaId": "9DF037A1-026B-4083-97FB-13578A56326C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", + "versionStartIncluding": "2.4.0", + "versionEndExcluding": "2.4.2", + "matchCriteriaId": "FEBAEE65-BE3C-45B8-A321-F24F90495906" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", + "versionStartIncluding": "2.4.0", + "versionEndExcluding": "2.4.2", + "matchCriteriaId": "6A81A9D5-8570-430F-AD20-BEBEC3151865" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:commerce:*:*:*", + "matchCriteriaId": "F124A6F4-E3B3-4065-970D-963BAAAD59CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:open_source:*:*:*", + "matchCriteriaId": "4F1E5426-A646-4EC1-902A-FD30B00AD1AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:commerce:*:*:*", + "matchCriteriaId": "58C98B8D-6E7B-44FA-8C73-D2AA1DC0A074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:open_source:*:*:*", + "matchCriteriaId": "930C8AEF-C433-4CF9-AC81-7CCFC3EDFD48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:commerce:*:*:*", + "matchCriteriaId": "68A6F795-960A-42F0-96BA-2E3D912F3E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "E9CD54D8-4E55-4437-B762-A68F2BE62CF3" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://helpx.adobe.com/security/products/magento/apsb21-64.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36036.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36036.json index 929fb2ac60a..9d626ef44f9 100644 --- a/CVE-2021/CVE-2021-360xx/CVE-2021-36036.json +++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36036.json @@ -2,8 +2,8 @@ "id": "CVE-2021-36036", "sourceIdentifier": "psirt@adobe.com", "published": "2023-09-06T14:15:09.110", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:05:15.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", 
@@ -46,10 +66,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", + "versionEndExcluding": "2.3.7", + "matchCriteriaId": "727FB993-9F35-40EA-BF41-E4757F21C5FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", + "versionEndExcluding": "2.3.7", + "matchCriteriaId": "9DF037A1-026B-4083-97FB-13578A56326C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", + "versionStartIncluding": "2.4.0", + "versionEndExcluding": "2.4.2", + "matchCriteriaId": "FEBAEE65-BE3C-45B8-A321-F24F90495906" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", + "versionStartIncluding": "2.4.0", + "versionEndExcluding": "2.4.2", + "matchCriteriaId": "6A81A9D5-8570-430F-AD20-BEBEC3151865" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:commerce:*:*:*", + "matchCriteriaId": "F124A6F4-E3B3-4065-970D-963BAAAD59CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:open_source:*:*:*", + "matchCriteriaId": "4F1E5426-A646-4EC1-902A-FD30B00AD1AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:commerce:*:*:*", + "matchCriteriaId": "58C98B8D-6E7B-44FA-8C73-D2AA1DC0A074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:open_source:*:*:*", + "matchCriteriaId": "930C8AEF-C433-4CF9-AC81-7CCFC3EDFD48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:commerce:*:*:*", + "matchCriteriaId": "68A6F795-960A-42F0-96BA-2E3D912F3E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "E9CD54D8-4E55-4437-B762-A68F2BE62CF3" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://helpx.adobe.com/security/products/magento/apsb21-64.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36060.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36060.json index e2d55178853..07b32414140 100644 --- a/CVE-2021/CVE-2021-360xx/CVE-2021-36060.json +++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36060.json @@ -2,8 +2,8 @@ "id": "CVE-2021-36060", "sourceIdentifier": "psirt@adobe.com", "published": "2023-09-06T14:15:09.283", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:04:06.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:media_encoder:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.4", + "matchCriteriaId": "8834BF85-8F99-4DB9-AA68-ED14A766E719" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-366xx/CVE-2021-36646.json b/CVE-2021/CVE-2021-366xx/CVE-2021-36646.json index cbfc85c98f5..994dfddb984 100644 --- a/CVE-2021/CVE-2021-366xx/CVE-2021-36646.json +++ b/CVE-2021/CVE-2021-366xx/CVE-2021-36646.json 
@@ -2,19 +2,75 @@ "id": "CVE-2021-36646", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-06T17:15:49.873", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:06:39.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kodcloud:kodexplorer:4.45:*:*:*:*:*:*:*", + "matchCriteriaId": "2DDC782B-E8E9-4B75-AF51-2F3A90B7A6A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kalcaddle/KodExplorer/issues/482", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-40xx/CVE-2021-4034.json b/CVE-2021/CVE-2021-40xx/CVE-2021-4034.json index b171cf1908e..39bc3e73d35 100644 --- a/CVE-2021/CVE-2021-40xx/CVE-2021-4034.json +++ b/CVE-2021/CVE-2021-40xx/CVE-2021-4034.json 
@@ -2,8 +2,8 @@ "id": "CVE-2021-4034", "sourceIdentifier": "secalert@redhat.com", "published": "2022-01-28T20:15:12.193", - "lastModified": "2023-02-13T21:15:11.917", - "vulnStatus": "Modified", + "lastModified": "2023-09-11T19:45:38.343", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2022-06-27", "cisaActionDue": "2022-07-18", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -72,6 +72,10 @@ "source": "nvd@nist.gov", "type": "Primary", "description": [ + { + "lang": "en", + "value": "CWE-125" + }, { "lang": "en", "value": "CWE-787" @@ -95,7 +99,6 @@ ], "configurations": [ { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -104,14 +107,14 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*", - "matchCriteriaId": "A01DC7E2-1615-4AC8-9425-027F38C60C9D" + "versionEndExcluding": "121", + "matchCriteriaId": "F01D94C9-1E04-413B-8636-1AAC6D9E84D6" } ] } ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -287,7 +290,6 @@ ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -323,7 +325,6 @@ ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -374,7 +375,6 @@ ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -400,7 +400,6 @@ ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -445,7 +444,6 @@ ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", diff --git a/CVE-2022/CVE-2022-233xx/CVE-2022-23382.json b/CVE-2022/CVE-2022-233xx/CVE-2022-23382.json index 4077e018226..84f025d89ed 100644 --- a/CVE-2022/CVE-2022-233xx/CVE-2022-23382.json +++ b/CVE-2022/CVE-2022-233xx/CVE-2022-23382.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23382", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T15:15:52.553", - "lastModified": "2023-09-11T15:15:52.553", - "vulnStatus": "Received", + "lastModified": "2023-09-11T18:02:20.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2022/CVE-2022-317xx/CVE-2022-31704.json b/CVE-2022/CVE-2022-317xx/CVE-2022-31704.json index 895a7b6a19f..1a255a99927 100644 --- a/CVE-2022/CVE-2022-317xx/CVE-2022-31704.json +++ b/CVE-2022/CVE-2022-317xx/CVE-2022-31704.json @@ -2,8 +2,8 @@ "id": "CVE-2022-31704", "sourceIdentifier": "security@vmware.com", "published": "2023-01-26T21:15:37.320", - "lastModified": "2023-02-01T16:57:33.947", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-11T19:15:41.590", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -73,6 +73,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", + "source": "security@vmware.com" + }, { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", "source": "security@vmware.com", diff --git a/CVE-2022/CVE-2022-317xx/CVE-2022-31706.json b/CVE-2022/CVE-2022-317xx/CVE-2022-31706.json index 9c19a8718ae..8aede56e2e9 100644 --- a/CVE-2022/CVE-2022-317xx/CVE-2022-31706.json +++ b/CVE-2022/CVE-2022-317xx/CVE-2022-31706.json @@ -2,8 +2,8 @@ "id": "CVE-2022-31706", "sourceIdentifier": "security@vmware.com", "published": "2023-01-26T21:15:37.610", - "lastModified": "2023-02-01T16:58:38.557", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-11T19:15:41.703", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -73,6 +73,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", + "source": "security@vmware.com" + }, { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", "source": "security@vmware.com", diff --git a/CVE-2022/CVE-2022-317xx/CVE-2022-31711.json b/CVE-2022/CVE-2022-317xx/CVE-2022-31711.json index 9780e9421de..c5b523908fb 100644 --- a/CVE-2022/CVE-2022-317xx/CVE-2022-31711.json +++ b/CVE-2022/CVE-2022-317xx/CVE-2022-31711.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-31711", "sourceIdentifier": "security@vmware.com", "published": "2023-01-26T21:15:38.270", - "lastModified": "2023-02-01T17:00:03.840", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-11T19:15:41.777", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -41,7 +41,7 @@ "description": [ { "lang": "en", - "value": "CWE-200" + "value": "NVD-CWE-noinfo" } ] } @@ -73,6 +73,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", + "source": "security@vmware.com" + }, { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", "source": "security@vmware.com", diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23623.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23623.json index 4785f80f9ae..6b637de5756 100644 --- a/CVE-2023/CVE-2023-236xx/CVE-2023-23623.json +++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23623.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23623", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-06T21:15:08.977", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:02:53.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,10 +66,76 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:-:*:*:*:node.js:*:*", + "matchCriteriaId": "EA67DC7F-0492-45A6-A585-C1F6BA8CB125" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta1:*:*:*:node.js:*:*", + "matchCriteriaId": "8313BBF8-2C7B-471E-B379-E8F587EB4F98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta2:*:*:*:node.js:*:*", + "matchCriteriaId": "9B73F495-8C0E-409E-86AC-2FC1A214AA9F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta3:*:*:*:node.js:*:*", + "matchCriteriaId": "77E1E30F-0BAC-409B-B2D3-FF3B1FDCFE6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta4:*:*:*:node.js:*:*", + "matchCriteriaId": "6C556804-A20C-4E9F-8F4D-8E824A0032D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta5:*:*:*:node.js:*:*", + "matchCriteriaId": "F0995881-8E6C-4B2C-9F3A-F10668916039" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta6:*:*:*:node.js:*:*", + "matchCriteriaId": "EB9BD805-BAC9-425D-A590-28B0FB68C3F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta7:*:*:*:node.js:*:*", + "matchCriteriaId": "197DA034-183C-4407-BD95-B610CBF980A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta8:*:*:*:node.js:*:*", + "matchCriteriaId": "D14A589D-E6F7-4ED7-A123-C83633AC2004" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:23.0.0:alpha1:*:*:*:node.js:*:*", + "matchCriteriaId": "8074214C-1787-46B6-A5CC-8DF31BC269EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr", - "source": "security-advisories@github.com" + "source": 
"security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27470.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27470.json index 264fdd9251c..b7d22aa644a 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27470.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27470.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27470", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T15:15:52.727", - "lastModified": "2023-09-11T15:15:52.727", - "vulnStatus": "Received", + "lastModified": "2023-09-11T18:02:20.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28198.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28198.json index 0bbfadb5a13..a4af0748e05 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28198.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28198.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28198", "sourceIdentifier": "product-security@apple.com", "published": "2023-08-14T23:15:10.830", - "lastModified": "2023-08-19T00:43:25.777", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-11T18:15:09.477", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -78,6 +78,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213670", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29198.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29198.json index e30ed9da4d9..20d697e0fd6 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29198.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29198.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29198", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-06T21:15:11.560", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:58:07.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,16 +64,138 @@ "value": "CWE-754" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "22.3.6", + "matchCriteriaId": "1C14CCD1-146F-4A22-B093-C9FEC8047E91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.2.3", + "matchCriteriaId": "B080AD66-1912-4AD2-BE21-B69935B4F04D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:-:*:*:*:node.js:*:*", + "matchCriteriaId": "2635DE47-9315-4D0D-BA52-215D97A09BF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha1:*:*:*:node.js:*:*", + "matchCriteriaId": "800543E5-0E06-4E9B-A18D-9857524244D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha2:*:*:*:node.js:*:*", + "matchCriteriaId": "47E4540B-0EAE-41B8-878F-F22C3BDF0FE5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha3:*:*:*:node.js:*:*", + "matchCriteriaId": "05448824-0FA1-41DF-938F-0FC5D82C9FE0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha4:*:*:*:node.js:*:*", + "matchCriteriaId": "FDB7E385-A58F-4B91-B7EE-75475D65038C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha5:*:*:*:node.js:*:*", + "matchCriteriaId": "2ADACB20-163D-4BE0-AFD9-D93A5D58A910" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha6:*:*:*:node.js:*:*", + "matchCriteriaId": "8EEBC95D-093C-49BE-A309-DE544BCD698C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:electronjs:electron:24.0.0:alpha7:*:*:*:node.js:*:*", + "matchCriteriaId": "501BF9A9-4EC1-485F-953B-E129252FC9B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta1:*:*:*:node.js:*:*", + "matchCriteriaId": "8F28A9E8-D1CD-476F-9BF7-F205B1FCDBC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta2:*:*:*:node.js:*:*", + "matchCriteriaId": "19F9825C-3265-411E-96E0-1C470D4F6830" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta3:*:*:*:node.js:*:*", + "matchCriteriaId": "7CD55BDC-94ED-4ED8-905C-3AFBAB59AA63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta4:*:*:*:node.js:*:*", + "matchCriteriaId": "E65B67F6-3AA6-4E7C-9290-C71A8CCB9A1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta5:*:*:*:node.js:*:*", + "matchCriteriaId": "CC14A98C-9410-42A2-A71B-DC73C3855901" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta6:*:*:*:node.js:*:*", + "matchCriteriaId": "01B7E19C-F35A-4EAD-9640-926EE76E5FB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta7:*:*:*:node.js:*:*", + "matchCriteriaId": "509E7716-E3DB-4ABF-820D-514DEE59F251" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:electronjs:electron:25.0.0:alpha1:*:*:*:node.js:*:*", + "matchCriteriaId": "4F2529F8-84AF-4F04-BD1A-3C4A2AF49B6A" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] } ] } \ No newline at 
end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30058.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30058.json index 827af229f23..3381afbed01 100644 --- a/CVE-2023/CVE-2023-300xx/CVE-2023-30058.json +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30058.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30058", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T16:15:07.560", - "lastModified": "2023-09-11T16:15:07.560", - "vulnStatus": "Received", + "lastModified": "2023-09-11T18:02:20.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30718.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30718.json index b0cae7b1a9e..1ec1ab36eee 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30718.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30718.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30718", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-09-06T04:15:14.640", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:05:24.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "mobile.security@samsung.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "mobile.security@samsung.com", "type": "Secondary", 
@@ -46,10 +76,370 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "8D2D0083-0A85-47F7-A42D-2040A3BEC132" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "0332BF16-0F1F-4733-ABCE-A1EA1366A5D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "D7120696-2440-44EC-B3A4-6FCBB4A60A12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "A3658A42-BCA9-4188-8B36-3C6599BBF83C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "D0E55E09-C2C9-43D1-8A1A-6D02F544E34A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "693D72EF-1531-4C15-B105-2DEBE02D30F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*", + "matchCriteriaId": "C26195A5-31BE-4116-8F31-9F25BE57AB52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "4C6114C5-C175-45E7-821E-6BA218F923DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "58BA232B-8D39-473A-91D0-D3AC03FDE8FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "25B42CE0-67DE-4611-8D70-DEEC975E32BA" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "AF2EADA0-5976-4711-A7A5-61594F3E2FEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "6B59145B-5506-477C-8F9C-ABB0CE2CF631" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "AC082E25-1B7D-473D-A066-1463E6321CD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "655BEA94-9A83-4A56-8DDE-79ADC821C707" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "B894D0C1-E66E-44B0-8FCA-2EE4290C4173" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "2B088DE9-31F1-4737-8BC8-CC406F208ACB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "899F6BD2-47AF-4ADA-935D-90AB069E9BA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "60281652-A1DF-4EA4-8CD3-6DCA43F6162F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "C2592B14-B3B7-4C85-88E8-5E12F6F50ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "40A783AA-91E7-426B-8A78-4EBE5D69A602" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "4F46F8F7-0EBA-4D2F-AC53-4BB5956D7B87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "BA51F5D5-D18D-426C-B09F-EE12CE11E9FB" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "53968A3C-6E71-42B8-8671-6730D8C85603" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "FFB0F9B9-C60D-40CC-AC7D-FDB288EB2264" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "6C946853-D56D-457C-A1CB-AD1A5BD56C41" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "B35EB1D3-2F29-4A5C-AC9A-6ED72A2E22D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "1DD6CFD3-5341-4069-B4FC-A5E07F13A63F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "9BD8E899-427B-47D2-9168-446B0249868F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "E923AF0F-34BA-40FE-AA20-B01366263B97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "78B14D1F-C536-4816-A076-B074E41EB0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "AF2D00F4-B521-4D8F-84F8-DCE45B6349A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "548BCC15-C6D8-4AE7-B167-4DD74382097B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "9C2B6E53-CC07-4590-ADFA-CEF7DB0F4EB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*", + "matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*", + "matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", + "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*", + "matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*", + "matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", - "source": "mobile.security@samsung.com" + "source": "mobile.security@samsung.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json index 6b093dd77eb..dfa65cb81b9 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3090", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-06-28T20:15:09.693", - "lastModified": "2023-08-19T18:16:44.790", + "lastModified": "2023-09-11T19:15:43.253", "vulnStatus": "Modified", "descriptions": [ { @@ -111,6 +111,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "source": "cve-coordination@google.com" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e", "source": "cve-coordination@google.com", diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31067.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31067.json new file mode 100644 index 00000000000..eb7688c2818 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31067.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31067", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:41.873", + "lastModified": "2023-09-11T19:15:41.873", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\Clients\\www." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.exploit-db.com/exploits/51679", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31068.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31068.json new file mode 100644 index 00000000000..53a7ad83e6d --- /dev/null 
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31068.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31068", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:41.927", + "lastModified": "2023-09-11T19:15:41.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\UserDesktop\\themes." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.exploit-db.com/exploits/51680", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31069.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31069.json new file mode 100644 index 00000000000..28ec0bbadbe --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31069.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31069", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:41.983", + "lastModified": "2023-09-11T19:15:41.983", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://packetstormsecurity.com/files/174271/TSPlus-16.0.0.0-Insecure-Credential-Storage.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.exploit-db.com/exploits/51681", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json index 01de9c27b90..7ba57057ca4 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-31248", "sourceIdentifier": "security@ubuntu.com", "published": "2023-07-05T19:15:09.713", - "lastModified": "2023-08-02T17:15:10.493", + "lastModified": "2023-09-11T19:15:42.037", "vulnStatus": "Modified", "descriptions": [ { @@ -136,6 +136,10 @@ "Third Party Advisory" ] }, + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "source": "security@ubuntu.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/2", "source": "security@ubuntu.com", diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31468.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31468.json new file mode 100644 index 00000000000..45e15e583f3 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31468.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31468", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:42.173", + "lastModified": "2023-09-11T19:15:42.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The \"%PROGRAMFILES(X86)%\\INOSOFT GmbH\" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.exploit-db.com/exploits/51682", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32162.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32162.json index d0ddf06840a..926730f1647 100644 --- a/CVE-2023/CVE-2023-321xx/CVE-2023-32162.json +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32162.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32162", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2023-09-06T05:15:42.243", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:53:22.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +68,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wacom:driver:6.3.45-1:*:*:*:*:*:*:*", + "matchCriteriaId": "26E56854-D72B-4447-9341-09B948EFAEBB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-741", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32163.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32163.json index 742b062634e..42420529a34 100644 --- a/CVE-2023/CVE-2023-321xx/CVE-2023-32163.json +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32163.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32163", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2023-09-06T05:15:42.347", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:52:49.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +68,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wacom:driver:6.3.45-1:*:*:*:*:*:*:*", + "matchCriteriaId": "26E56854-D72B-4447-9341-09B948EFAEBB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-742", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32370.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32370.json index 0327cde2cdc..2dbfdf02cea 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32370.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32370.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32370", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-06T02:15:09.070", - "lastModified": "2023-09-08T15:52:01.343", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-11T18:15:09.927", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -66,6 +66,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213670", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32559.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32559.json index 8631f8c37f0..a4fa0e1b4cc 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32559.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32559.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32559", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-24T02:15:09.210", - "lastModified": "2023-09-01T17:05:35.170", + "lastModified": "2023-09-11T19:11:58.063", "vulnStatus": "Analyzed", "descriptions": [ { @@ -17,19 +17,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 7.5, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 1.6, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32629.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32629.json index b5d5f8be35d..6fe3644fd3b 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32629.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32629.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32629", "sourceIdentifier": "security@ubuntu.com", "published": "2023-07-26T02:15:09.413", - "lastModified": "2023-07-26T04:24:59.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:15:42.233", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", 
@@ -46,22 +76,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*", + "matchCriteriaId": "B2E702D7-F8C0-49BF-9FFB-883017076E98" + } + ] + } + ] + } + ], "references": [ { - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629", + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", "source": "security@ubuntu.com" }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629", + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] + }, { "url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://ubuntu.com/security/notices/USN-6250-1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json index 8a46f6c21b4..dfe41c024d7 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32707", "sourceIdentifier": "prodsec@splunk.com", "published": "2023-06-01T17:15:10.117", - "lastModified": "2023-06-07T14:29:18.523", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-11T19:15:42.337", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -106,6 +106,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html", + "source": "prodsec@splunk.com" + }, { "url": "https://advisory.splunk.com/advisories/SVD-2023-0602", "source": "prodsec@splunk.com", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json index 454a892720d..7b385f26567 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3389", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-06-28T20:15:09.773", - "lastModified": "2023-08-19T18:16:48.263", + "lastModified": "2023-09-11T19:15:43.383", "vulnStatus": "Modified", "descriptions": [ { @@ -103,6 +103,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "source": "cve-coordination@google.com" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04", "source": "cve-coordination@google.com", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3390.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3390.json index 554af4b3038..c624e3a8c6e 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3390.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3390.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3390", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-06-28T21:15:10.447", - "lastModified": "2023-08-18T14:15:28.593", + "lastModified": "2023-09-11T19:15:43.490", "vulnStatus": "Modified", "descriptions": [ { 
@@ -96,6 +96,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "source": "cve-coordination@google.com" + }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", "source": "cve-coordination@google.com", diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json index caec3e9eee0..e242e4860ff 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json @@ -2,7 +2,7 @@ "id": "CVE-2023-35001", "sourceIdentifier": "security@ubuntu.com", "published": "2023-07-05T19:15:10.147", - "lastModified": "2023-08-24T19:15:39.257", + "lastModified": "2023-09-11T19:15:42.447", "vulnStatus": "Modified", "descriptions": [ { @@ -136,6 +136,10 @@ "Third Party Advisory" ] }, + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "source": "security@ubuntu.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/3", "source": "security@ubuntu.com", diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35065.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35065.json index d2a2ec20bc6..c00248a22b7 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35065.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35065.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35065", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-09-05T18:15:10.067", - "lastModified": "2023-09-05T18:29:49.867", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:30:59.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -46,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:osoft:dyeing_-_printing_-_finishing_production_management:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.1", + "matchCriteriaId": "01732BFD-FD5F-4610-8A10-28463DEA50FC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0490", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35068.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35068.json index b65e2a9e9f5..5e38a5aa0f8 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35068.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35068.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35068", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-09-05T18:15:10.327", - "lastModified": "2023-09-05T18:29:49.867", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:33:00.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bma:personnel_tracking_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20230904", + "matchCriteriaId": "285505CA-F529-496A-A791-1A390035AE4B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0491", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35072.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35072.json index 59b73911697..6588cba299e 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35072.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35072.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-35072", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-09-05T18:15:10.507", - "lastModified": "2023-09-05T18:29:49.867", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:38:17.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coyavtravel:proagent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20230904", + "matchCriteriaId": "9F84B6E8-C243-4488-9244-6D6D7F181338" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0492", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35785.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35785.json index 4c755690436..e635959045e 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35785.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35785.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-35785", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T20:15:08.033", - "lastModified": "2023-09-08T03:15:08.017", + "lastModified": "2023-09-11T19:15:42.563", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below and Support Center Plus 14300 and below are vulnerable to the authentication bypass vulnerability via a few authenticators." + "value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json index a76b6ac46f5..d82bffefdfa 100644 
--- a/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json @@ -2,7 +2,7 @@ "id": "CVE-2023-35788", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T21:15:09.340", - "lastModified": "2023-08-19T18:16:44.583", + "lastModified": "2023-09-11T19:15:42.757", "vulnStatus": "Modified", "descriptions": [ { @@ -215,6 +215,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "source": "cve@mitre.org" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/17/1", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36140.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36140.json index 8685663bd1d..473b678221e 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36140.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36140.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36140", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T15:16:00.773", - "lastModified": "2023-09-11T15:16:00.773", - "vulnStatus": "Received", + "lastModified": "2023-09-11T18:02:20.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38743.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38743.json new file mode 100644 index 00000000000..82f22e4ecc3 --- /dev/null +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38743.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-38743", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:42.890", + "lastModified": "2023-09-11T19:15:42.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38829.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38829.json new file mode 100644 index 00000000000..83f0581b39d --- /dev/null +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38829.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-38829", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:42.957", + "lastModified": "2023-09-11T19:15:42.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39063.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39063.json new file mode 100644 index 00000000000..d12384a63e6 --- /dev/null +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39063.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39063", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:43.013", + "lastModified": "2023-09-11T19:15:43.013", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/AndreGNogueira/CVE-2023-39063", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39067.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39067.json new file mode 100644 index 00000000000..3d7acc4663b --- /dev/null +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39067.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39067", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T18:15:10.223", + "lastModified": "2023-09-11T19:08:33.020", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Yao-ruo/CVE-FIND/blob/main/CVE-2023-39067", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Yao-ruo/CVE-ZLMediaKit/blob/main/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39068.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39068.json new file mode 100644 index 00000000000..336a35e1815 --- /dev/null +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39068.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39068", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:43.070", + "lastModified": "2023-09-11T19:15:43.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39070.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39070.json new file mode 100644 index 00000000000..1fcf68948ef --- /dev/null +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39070.json 
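Review bot: The description added for CVE-2023-39067 names the product as "ZLMediaKiet", while the record's second reference URL spells it ZLMediaKit. The new record has an empty `metrics` object and no `configurations` block, so a consumer that maps records to assets by product keyword has only this text to match on and would likely miss it. Because this file mirrors upstream data, the correction probably belongs in the source record rather than in a local edit; the corrected fragment would read `ZLMediaKit v.4.0 and v.5.0`. The CVE-2023-39068 description in the next hunk has a similar spelling slip, `casue` for `cause`.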
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39070", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:43.127", + "lastModified": "2023-09-11T19:15:43.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39511.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39511.json index c3b227420e5..09433c74981 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39511.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39511.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39511", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-06T18:15:08.627", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:06:25.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,10 +66,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.25", + "matchCriteriaId": "11743AE1-4C92-47E9-BDA5-764FE3984CE8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39598.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39598.json index 47731862eab..2dbf381d0b8 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39598.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39598.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-39598", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-05T18:15:10.900", - "lastModified": "2023-09-05T18:29:49.867", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:46:42.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:icewarp:webclient:10.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4079A278-C269-46FF-8610-3516CB112401" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39780.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39780.json new file mode 100644 index 00000000000..16c7ad998d4 --- /dev/null 
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39780.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-39780", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:43.190", + "lastModified": "2023-09-11T19:15:43.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40032.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40032.json new file mode 100644 index 00000000000..962769dc4df --- /dev/null +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40032.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-40032", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-11T19:15:43.603", + "lastModified": "2023-09-11T19:15:43.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/libvips/libvips/pull/3604", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40397.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40397.json index 7753cbff797..2be06e1904e 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40397.json 
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40397.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40397", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-06T21:15:13.850", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:15:10.427", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213843", "source": "product-security@apple.com" diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41000.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41000.json index 2391a7bac7b..442871eead2 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41000.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41000.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41000", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T15:16:02.307", - "lastModified": "2023-09-11T15:16:02.307", - "vulnStatus": "Received", + "lastModified": "2023-09-11T18:02:20.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json index d806ea8e11f..2f2b2a3ec6b 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41064", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-07T18:15:07.727", - "lastModified": "2023-09-08T22:15:11.583", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:15:43.720", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", 
@@ -35,6 +35,18 @@ { "url": "https://support.apple.com/kb/HT213906", "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/kb/HT213913", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/kb/HT213914", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/kb/HT213915", + "source": "product-security@apple.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41103.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41103.json new file mode 100644 index 00000000000..bca3dc8f74a --- /dev/null +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41103.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-41103", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T19:15:43.917", + "lastModified": "2023-09-11T19:15:43.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-41103", + "source": "cve@mitre.org" + }, + { + "url": "https://www.interactsoftware.com/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41107.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41107.json index 68303b6bc47..a08f828c056 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41107.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41107.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-41107", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-05T16:15:08.050", - "lastModified": "2023-09-05T17:31:50.810", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:15:44.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tef:tef_portal:2023-07-17:*:*:*:*:*:*:*", + "matchCriteriaId": "29E8FC8A-0F2E-43B3-A9C8-40C703D5BD70" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-020.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerportal-syss-2023-020/-021", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41108.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41108.json index 5641a1a2ea3..328a612d6d5 100644 
--- a/CVE-2023/CVE-2023-411xx/CVE-2023-41108.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41108.json @@ -2,23 +2,82 @@ "id": "CVE-2023-41108", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-05T16:15:08.110", - "lastModified": "2023-09-05T17:31:50.810", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:17:05.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TEF portal 2023-07-17 is vulnerable to authenticated remote code execution." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tef:tef_portal:2023-07-17:*:*:*:*:*:*:*", + "matchCriteriaId": "29E8FC8A-0F2E-43B3-A9C8-40C703D5BD70" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-021.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerportal-syss-2023-020/-021", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41256.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41256.json new file mode 100644 index 00000000000..311c1e867fb --- /dev/null +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41256.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41256", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-09-11T19:15:43.987", + "lastModified": "2023-09-11T19:15:43.987", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41328.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41328.json index 568455310b3..abfa1aa02d4 100644 --- a/CVE-2023/CVE-2023-413xx/CVE-2023-41328.json +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41328.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-41328", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-06T18:15:09.047", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:05:46.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +66,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*", + "versionEndExcluding": "13.46.1", + "matchCriteriaId": "418BFA9F-DE58-440C-BC07-A7195C346BE5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0.0", + "versionEndExcluding": "14.20.0", + "matchCriteriaId": "257F1200-5913-42A0-B2FF-C9B7A5FDC7DD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/frappe/frappe/releases/tag/v13.46.1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/frappe/frappe/releases/tag/v14.20.0", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41508.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41508.json index 1e091ff3ddb..12a7d790861 100644 --- a/CVE-2023/CVE-2023-415xx/CVE-2023-41508.json +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41508.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41508", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-05T21:15:47.483", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:53:12.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Una contrase\u00f1a incrustada en Super Store Finder v3.6 permite a los atacantes acceder al panel de administraci\u00f3n. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:superstorefinder:super_store_finder:3.6:*:*:*:*:-:*:*", + "matchCriteriaId": "CFD2140D-96EB-4B60-8BEE-AE439992F5AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/redblueteam/CVE-2023-41508/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41593.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41593.json new file mode 100644 index 00000000000..ced1376950a --- /dev/null +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41593.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-41593", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T18:15:10.767", + "lastModified": "2023-09-11T19:08:33.020", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41593", + "source": "cve@mitre.org" + }, + { + "url": "https://portswigger.net/web-security/cross-site-scripting", + "source": "cve@mitre.org" + }, + { + "url": "https://www.acunetix.com/websitesecurity/cross-site-scripting/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41601.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41601.json index 19d06b1bb4d..9989f281e1f 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41601.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41601.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-41601", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-06T20:15:07.857", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:03:19.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B83DE2F9-E5FF-4A78-A40C-AB8CFF373992" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/al3zx/csz_cms_1_3_0_xss_in_install_page/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.cszcms.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41609.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41609.json new file mode 100644 index 00000000000..f48a8f895d2 --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41609.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41609", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T18:15:10.993", + "lastModified": "2023-09-11T19:08:33.020", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/CouchCMS/CouchCMS/issues/190", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41930.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41930.json index d42aed80235..45be49566b0 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41930.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41930.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-41930", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:09.377", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:23:34.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1227.v7a_79fc4dc01f", + "matchCriteriaId": "DCA428E1-B407-4F61-AB8B-B24D902C4A8D" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233", - "source": "jenkinsci-cert@googlegroups.com" + 
"source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41931.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41931.json index e996caeb8b1..46d3d43a352 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41931.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41931.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-41931", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:09.577", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:55:42.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1227.v7a_79fc4dc01f", + "matchCriteriaId": "DCA428E1-B407-4F61-AB8B-B24D902C4A8D" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233", - "source": 
"jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41941.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41941.json index 0a7c97be71f..c7ef99cec5e 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41941.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41941.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-41941", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:11.107", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:44:44.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.0.12", + "matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(1)", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + 
"tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41942.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41942.json index eabcaa3c4fa..530e03b19e1 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41942.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41942.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-41942", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:11.217", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:43:21.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.0.12", + "matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2)", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41943.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41943.json index 227287447b2..9a1aba47fa8 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41943.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41943.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-41943", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:11.433", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:40:55.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.0.12", + "matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2)", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + 
"Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41944.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41944.json index 5d7dec691e8..930033e02d1 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41944.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41944.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-41944", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:11.553", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:37:32.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.0.12", + "matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3102", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + 
"tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41945.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41945.json index f025dcd1364..c0c74df47f9 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41945.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41945.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-41945", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:11.770", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:07:22.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:assembla_auth:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.14", + "matchCriteriaId": "58175D24-70D9-48A1-83E8-1C019C9C32DF" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3065", - "source": 
"jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41946.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41946.json index 31496e0b001..f6b804e1bfd 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41946.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41946.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-41946", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:11.887", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:07:01.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:frugal_testing:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.1", + "matchCriteriaId": "F9A50DC0-0C81-4FFE-9983-9F77A40B7D8F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082", - 
"source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41947.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41947.json index 70ff43bc3eb..d6686b60065 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41947.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41947.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-41947", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-06T13:15:11.973", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:06:49.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:frugal_testing:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.1", + "matchCriteriaId": "F9A50DC0-0C81-4FFE-9983-9F77A40B7D8F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] 
} ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4207.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4207.json index 5a0f2cea23d..4f0e55419c0 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4207.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4207.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4207", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-09-06T14:15:11.453", - "lastModified": "2023-09-10T12:16:20.457", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-11T18:13:33.030", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -46,18 +76,64 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.5", + "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Issue Tracking", + "Mailing List", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5492", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json index 7b21f0b1748..0f7c5506267 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4208", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-09-06T14:15:11.627", - "lastModified": "2023-09-10T12:16:20.607", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-11T18:12:56.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -46,18 +76,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.5", + "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5492", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json index d5a75fcca8d..2858f24f6c2 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4244", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-09-06T14:15:11.877", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:12:18.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -46,14 +76,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.5", + "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Issue Tracking", + "Mailing List", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4310.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4310.json index 3173c71c7a2..e2cffeef283 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4310.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4310.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-4310", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-05T21:15:47.537", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T19:01:47.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "cve@mitre.org", "type": "Secondary", 
@@ -23,14 +56,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "402E7658-AAFA-41FF-A4E1-1DF4FD845BC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3366D2EE-532C-4741-B32A-575E8B1A9AF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:beyondtrust:remote_support:23.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FABCD6F1-8D5A-4373-83B5-9DDE81331343" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:beyondtrust:remote_support:23.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5E495D6D-7D56-41E6-B62A-0081AD9146BD" + } + ] + } + ] + } + ], "references": [ { "url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4485.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4485.json index 2e3c7bbc085..7a462bcf4d9 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4485.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4485.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4485", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-09-06T00:15:07.530", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:00:50.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,44 @@ "value": "CWE-89" } ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ardereg:sistemas_scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.203", + "matchCriteriaId": "C51DD5B5-A3FA-482B-819F-100F193CEB96" + } + ] + } + ] } ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json index 6f3631df8aa..9451169791a 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-4597", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-30T02:15:09.660", - "lastModified": "2023-09-01T18:36:38.313", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-11T19:15:44.123", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -12,29 +12,9 @@ ], "metrics": { "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "REQUIRED", - "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" - }, - "exploitabilityScore": 2.3, - "impactScore": 2.7 - }, { "source": "security@wordfence.com", - "type": "Secondary", + "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -51,6 +31,26 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -85,6 +85,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174604/WordPress-Slimstat-Analytics-5.0.9-Cross-Site-Scripting-SQL-Injection.html", + "source": "security@wordfence.com" + }, { "url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.9/wp-slimstat.php#L892", "source": "security@wordfence.com", 
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json index 6a2f95a5cb0..61323dd5503 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4622", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-09-06T14:15:12.193", - "lastModified": "2023-09-10T12:16:21.273", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-11T18:15:11.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -46,18 +76,64 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.4.15", + "matchCriteriaId": "AE02A61A-E8BA-45B0-BA09-833FBAB89E71" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Issue Tracking", + "Mailing List", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5492", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json index 1dd59c29a5f..d3a98095ec5 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4623", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-09-06T14:15:12.357", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:15:48.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -46,14 +76,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5.75", + "matchCriteriaId": "D5893A86-1141-4D63-AC5A-819A556D79D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "169446DE-67F8-4738-91FE-ED8058118F80" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Issue Tracking", + "Mailing List", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4772.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4772.json index 1f68334bdf6..ad69e53bdde 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4772.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4772.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4772", "sourceIdentifier": "security@wordfence.com", "published": "2023-09-07T02:15:08.033", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:17:13.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", 
@@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "7.8.9", + "matchCriteriaId": "8C51C28A-2E44-4EB9-AE9A-767F9EBAB376" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/newsletter/tags/7.8.9/subscription/subscription.php#L1653", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2955097/newsletter#file21", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87da5300-1add-44fc-a3e0-e8912f946c84?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4792.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4792.json index 56f5357c617..5623e48963a 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4792.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4792.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4792", "sourceIdentifier": "security@wordfence.com", "published": "2023-09-07T02:15:08.163", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T18:16:54.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -46,18 +46,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inqsys:duplicate_post_page_menu_\\&_custom_post_type:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.1", + "matchCriteriaId": "3CB05349-73A8-4C87-96BA-F390EF3EE437" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/duplicate-post-page-menu-custom-post-type/trunk/duplicate-post-page-menu-cpt.php?rev=2871256#L383", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2963515%40duplicate-post-page-menu-custom-post-type&new=2963515%40duplicate-post-page-menu-custom-post-type&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4807.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4807.json index 650afb41251..a02b4dd9589 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4807.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4807.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4807", "sourceIdentifier": "openssl-security@openssl.org", "published": "2023-09-08T12:15:08.043", - "lastModified": "2023-09-08T18:15:07.790", + "lastModified": "2023-09-11T19:15:44.617", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/174593/OpenSSL-Security-Advisory-20230908.html", + "source": "openssl-security@openssl.org" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/08/1", "source": "openssl-security@openssl.org" diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4881.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4881.json index 0b89c13d408..06574334e7d 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4881.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4881.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4881", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-11T17:15:07.547", - "lastModified": "2023-09-11T17:15:07.547", - "vulnStatus": "Received", + "lastModified": "2023-09-11T18:02:20.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 597d4410a3f..0ce77a848ef 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-11T18:00:27.553751+00:00 +2023-09-11T20:00:25.410243+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-11T17:59:40.753000+00:00 +2023-09-11T19:55:42.340000+00:00 ``` ### Last Data Feed Release 
@@ -29,43 +29,65 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224612 +224633 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `21` -* [CVE-2023-30058](CVE-2023/CVE-2023-300xx/CVE-2023-30058.json) (`2023-09-11T16:15:07.560`) -* [CVE-2023-4881](CVE-2023/CVE-2023-48xx/CVE-2023-4881.json) (`2023-09-11T17:15:07.547`) +* [CVE-2020-19318](CVE-2020/CVE-2020-193xx/CVE-2020-19318.json) (`2023-09-11T18:15:09.107`) +* [CVE-2020-19319](CVE-2020/CVE-2020-193xx/CVE-2020-19319.json) (`2023-09-11T19:15:41.250`) +* [CVE-2020-19320](CVE-2020/CVE-2020-193xx/CVE-2020-19320.json) (`2023-09-11T19:15:41.367`) +* [CVE-2020-19323](CVE-2020/CVE-2020-193xx/CVE-2020-19323.json) (`2023-09-11T19:15:41.437`) +* [CVE-2020-19559](CVE-2020/CVE-2020-195xx/CVE-2020-19559.json) (`2023-09-11T19:15:41.500`) +* [CVE-2023-39067](CVE-2023/CVE-2023-390xx/CVE-2023-39067.json) (`2023-09-11T18:15:10.223`) +* [CVE-2023-41593](CVE-2023/CVE-2023-415xx/CVE-2023-41593.json) (`2023-09-11T18:15:10.767`) +* [CVE-2023-41609](CVE-2023/CVE-2023-416xx/CVE-2023-41609.json) (`2023-09-11T18:15:10.993`) +* [CVE-2023-31067](CVE-2023/CVE-2023-310xx/CVE-2023-31067.json) (`2023-09-11T19:15:41.873`) +* [CVE-2023-31068](CVE-2023/CVE-2023-310xx/CVE-2023-31068.json) (`2023-09-11T19:15:41.927`) +* [CVE-2023-31069](CVE-2023/CVE-2023-310xx/CVE-2023-31069.json) (`2023-09-11T19:15:41.983`) +* [CVE-2023-31468](CVE-2023/CVE-2023-314xx/CVE-2023-31468.json) (`2023-09-11T19:15:42.173`) +* [CVE-2023-38743](CVE-2023/CVE-2023-387xx/CVE-2023-38743.json) (`2023-09-11T19:15:42.890`) +* [CVE-2023-38829](CVE-2023/CVE-2023-388xx/CVE-2023-38829.json) (`2023-09-11T19:15:42.957`) +* [CVE-2023-39063](CVE-2023/CVE-2023-390xx/CVE-2023-39063.json) (`2023-09-11T19:15:43.013`) +* [CVE-2023-39068](CVE-2023/CVE-2023-390xx/CVE-2023-39068.json) (`2023-09-11T19:15:43.070`) +* [CVE-2023-39070](CVE-2023/CVE-2023-390xx/CVE-2023-39070.json) 
(`2023-09-11T19:15:43.127`) +* [CVE-2023-39780](CVE-2023/CVE-2023-397xx/CVE-2023-39780.json) (`2023-09-11T19:15:43.190`) +* [CVE-2023-40032](CVE-2023/CVE-2023-400xx/CVE-2023-40032.json) (`2023-09-11T19:15:43.603`) +* [CVE-2023-41103](CVE-2023/CVE-2023-411xx/CVE-2023-41103.json) (`2023-09-11T19:15:43.917`) +* [CVE-2023-41256](CVE-2023/CVE-2023-412xx/CVE-2023-41256.json) (`2023-09-11T19:15:43.987`) ### CVEs modified in the last Commit -Recently modified CVEs: `22` +Recently modified CVEs: `70` -* [CVE-2023-4844](CVE-2023/CVE-2023-48xx/CVE-2023-4844.json) (`2023-09-11T16:40:46.803`) -* [CVE-2023-34637](CVE-2023/CVE-2023-346xx/CVE-2023-34637.json) (`2023-09-11T16:54:19.023`) -* [CVE-2023-28557](CVE-2023/CVE-2023-285xx/CVE-2023-28557.json) (`2023-09-11T16:57:21.930`) -* [CVE-2023-28549](CVE-2023/CVE-2023-285xx/CVE-2023-28549.json) (`2023-09-11T16:58:23.583`) -* [CVE-2023-28548](CVE-2023/CVE-2023-285xx/CVE-2023-28548.json) (`2023-09-11T17:05:04.900`) -* [CVE-2023-28544](CVE-2023/CVE-2023-285xx/CVE-2023-28544.json) (`2023-09-11T17:08:00.573`) -* [CVE-2023-40743](CVE-2023/CVE-2023-407xx/CVE-2023-40743.json) (`2023-09-11T17:16:46.603`) -* [CVE-2023-41012](CVE-2023/CVE-2023-410xx/CVE-2023-41012.json) (`2023-09-11T17:32:47.030`) -* [CVE-2023-4779](CVE-2023/CVE-2023-47xx/CVE-2023-4779.json) (`2023-09-11T17:46:42.657`) -* [CVE-2023-4346](CVE-2023/CVE-2023-43xx/CVE-2023-4346.json) (`2023-09-11T17:47:59.647`) -* [CVE-2023-35719](CVE-2023/CVE-2023-357xx/CVE-2023-35719.json) (`2023-09-11T17:49:21.660`) -* [CVE-2023-41940](CVE-2023/CVE-2023-419xx/CVE-2023-41940.json) (`2023-09-11T17:49:38.180`) -* [CVE-2023-41939](CVE-2023/CVE-2023-419xx/CVE-2023-41939.json) (`2023-09-11T17:51:37.613`) -* [CVE-2023-41938](CVE-2023/CVE-2023-419xx/CVE-2023-41938.json) (`2023-09-11T17:52:09.947`) -* [CVE-2023-41937](CVE-2023/CVE-2023-419xx/CVE-2023-41937.json) (`2023-09-11T17:53:01.077`) -* [CVE-2023-41936](CVE-2023/CVE-2023-419xx/CVE-2023-41936.json) (`2023-09-11T17:53:27.380`) -* 
[CVE-2023-41935](CVE-2023/CVE-2023-419xx/CVE-2023-41935.json) (`2023-09-11T17:54:37.170`) -* [CVE-2023-4206](CVE-2023/CVE-2023-42xx/CVE-2023-4206.json) (`2023-09-11T17:57:25.160`) -* [CVE-2023-4745](CVE-2023/CVE-2023-47xx/CVE-2023-4745.json) (`2023-09-11T17:57:42.127`) -* [CVE-2023-4739](CVE-2023/CVE-2023-47xx/CVE-2023-4739.json) (`2023-09-11T17:58:12.637`) -* [CVE-2023-4015](CVE-2023/CVE-2023-40xx/CVE-2023-4015.json) (`2023-09-11T17:59:05.123`) -* [CVE-2023-3777](CVE-2023/CVE-2023-37xx/CVE-2023-3777.json) (`2023-09-11T17:59:40.753`) +* [CVE-2023-32163](CVE-2023/CVE-2023-321xx/CVE-2023-32163.json) (`2023-09-11T18:52:49.417`) +* [CVE-2023-41508](CVE-2023/CVE-2023-415xx/CVE-2023-41508.json) (`2023-09-11T18:53:12.833`) +* [CVE-2023-32162](CVE-2023/CVE-2023-321xx/CVE-2023-32162.json) (`2023-09-11T18:53:22.077`) +* [CVE-2023-29198](CVE-2023/CVE-2023-291xx/CVE-2023-29198.json) (`2023-09-11T18:58:07.770`) +* [CVE-2023-4310](CVE-2023/CVE-2023-43xx/CVE-2023-4310.json) (`2023-09-11T19:01:47.590`) +* [CVE-2023-23623](CVE-2023/CVE-2023-236xx/CVE-2023-23623.json) (`2023-09-11T19:02:53.833`) +* [CVE-2023-30718](CVE-2023/CVE-2023-307xx/CVE-2023-30718.json) (`2023-09-11T19:05:24.947`) +* [CVE-2023-41947](CVE-2023/CVE-2023-419xx/CVE-2023-41947.json) (`2023-09-11T19:06:49.680`) +* [CVE-2023-41946](CVE-2023/CVE-2023-419xx/CVE-2023-41946.json) (`2023-09-11T19:07:01.407`) +* [CVE-2023-41945](CVE-2023/CVE-2023-419xx/CVE-2023-41945.json) (`2023-09-11T19:07:22.307`) +* [CVE-2023-32559](CVE-2023/CVE-2023-325xx/CVE-2023-32559.json) (`2023-09-11T19:11:58.063`) +* [CVE-2023-31248](CVE-2023/CVE-2023-312xx/CVE-2023-31248.json) (`2023-09-11T19:15:42.037`) +* [CVE-2023-32629](CVE-2023/CVE-2023-326xx/CVE-2023-32629.json) (`2023-09-11T19:15:42.233`) +* [CVE-2023-32707](CVE-2023/CVE-2023-327xx/CVE-2023-32707.json) (`2023-09-11T19:15:42.337`) +* [CVE-2023-35001](CVE-2023/CVE-2023-350xx/CVE-2023-35001.json) (`2023-09-11T19:15:42.447`) +* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) 
(`2023-09-11T19:15:42.563`) +* [CVE-2023-35788](CVE-2023/CVE-2023-357xx/CVE-2023-35788.json) (`2023-09-11T19:15:42.757`) +* [CVE-2023-3090](CVE-2023/CVE-2023-30xx/CVE-2023-3090.json) (`2023-09-11T19:15:43.253`) +* [CVE-2023-3389](CVE-2023/CVE-2023-33xx/CVE-2023-3389.json) (`2023-09-11T19:15:43.383`) +* [CVE-2023-3390](CVE-2023/CVE-2023-33xx/CVE-2023-3390.json) (`2023-09-11T19:15:43.490`) +* [CVE-2023-41064](CVE-2023/CVE-2023-410xx/CVE-2023-41064.json) (`2023-09-11T19:15:43.720`) +* [CVE-2023-4597](CVE-2023/CVE-2023-45xx/CVE-2023-4597.json) (`2023-09-11T19:15:44.123`) +* [CVE-2023-4807](CVE-2023/CVE-2023-48xx/CVE-2023-4807.json) (`2023-09-11T19:15:44.617`) +* [CVE-2023-41930](CVE-2023/CVE-2023-419xx/CVE-2023-41930.json) (`2023-09-11T19:23:34.093`) +* [CVE-2023-41931](CVE-2023/CVE-2023-419xx/CVE-2023-41931.json) (`2023-09-11T19:55:42.340`) ## Download and Usage